Multiple vulnerabilities has been found and corrected in groff: contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file . The gendef.sh, doc/fixinfo.sh, and contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file . The contrib/eqn2graph/eqn2graph.sh, contrib/grap2graph/grap2graph.sh, and contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296 . The updated packages have been patched to correct these issues.